Anybody on this list running a system without xdm/kdm? I mean init level 3 and starting X manually with startx. /usr/X11R6/bin/Xorg is not suid root in 9.3 (it was in 9.2) and it is the mode coming from xorg-x11-server package. X fails to start without being suid root, of course. Is it a bug in xorg-x11-server-6.8.2-30 (and then I am going to report it to SUSE) or am I missing something obvious here? Thanks, -Kastus
On Tuesday 24 May 2005 03:51, Kastus wrote:
Yes it is.
and it is the mode coming from xorg-x11-server package.
No, the mode is set by SuSEconfig.permissions I suspect you have your system either set to not run that at all, or you have it set to a security level that's too high. it is suid in "easy" but not in "secure" or "paranoid" You can keep your security level and just add a line to /etc/permissions.local if you prefer
On Tue, May 24, 2005 at 04:12:11AM +0200, Anders Johansson wrote:
No, the mode is set by SuSEconfig.permissions
Anders, what I meant was that in 9.2 the file provided by xorg-x11-server-6.8.1-15.6 package had suid bit set: /usr/X11R6/bin/Xorg 2054641 1109348778 73509688ecfe68960f9c56decb420785 0104711 root root 0 0 0 X While in 9.3 the package xorg-x11-server-6.8.2-30 provides: /usr/X11R6/bin/Xorg 1847788 1111512809 e68e9893c356e15f9ee08a87e01788a5 0100711 root root 0 0 0 X The suid bit is mising, as you can see.
I have PERMISSION_SECURITY="secure local" in /etc/sysconfig/security, and /etc/permissions.secure sets /usr/X11R6/bin/Xorg to root:root 0711. I actually thought about changing the mode for Xorg in /etc/permissions.local but then decided that it's gonna break rpm verification (and it actually does)
You can keep your security level and just add a line to /etc/permissions.local if you prefer
I will. Thank you very much for the advise. Best, -Kastus
On Tuesday 24 May 2005 03:51, Kastus wrote:
Yes it is.
and it is the mode coming from xorg-x11-server package.
No, the mode is set by SuSEconfig.permissions I suspect you have your system either set to not run that at all, or you have it set to a security level that's too high. it is suid in "easy" but not in "secure" or "paranoid" You can keep your security level and just add a line to /etc/permissions.local if you prefer
On Tue, May 24, 2005 at 04:12:11AM +0200, Anders Johansson wrote:
No, the mode is set by SuSEconfig.permissions
Anders, what I meant was that in 9.2 the file provided by xorg-x11-server-6.8.1-15.6 package had suid bit set: /usr/X11R6/bin/Xorg 2054641 1109348778 73509688ecfe68960f9c56decb420785 0104711 root root 0 0 0 X While in 9.3 the package xorg-x11-server-6.8.2-30 provides: /usr/X11R6/bin/Xorg 1847788 1111512809 e68e9893c356e15f9ee08a87e01788a5 0100711 root root 0 0 0 X The suid bit is mising, as you can see.
I have PERMISSION_SECURITY="secure local" in /etc/sysconfig/security, and /etc/permissions.secure sets /usr/X11R6/bin/Xorg to root:root 0711. I actually thought about changing the mode for Xorg in /etc/permissions.local but then decided that it's gonna break rpm verification (and it actually does)
You can keep your security level and just add a line to /etc/permissions.local if you prefer
I will. Thank you very much for the advise. Best, -Kastus
participants (3)
-
Anders Johansson -
Kastus -
Steven T. Hatton